WDS - Client Configuration Help

Unanswered Question
Jul 2nd, 2008

Hi All,

I have many ap1252ap's, I have configured WDS on the one ap and it authenticate to itself OK - to the locally configured radius server.

state = wlccp_ap_st_registered

The problem is that I do not know where to go from here.

I have followed the docs (Fast Roaming, WDS) but I cannot get very far, in fact I do not think that my clients are even attempting to authenticate with my AP. I have modified the following taken from the sraom doc,

AP# configure terminal

AP(config)# dot11 ssid fastroam

AP(config-ssid)# authentication network-eap eap_methods

SSID CONFIG WARNING: [fastroam]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.

AP(config-ssid)# authentication key-management cckm

AP(config-ssid)# exit

AP(config)# interface dot11radio0

AP(config-if)# encryption mode ciphers ckip-cmic

AP(config-if)# ssid fastroam

AP(config-if)# exit

AP(config)# end

But something is still not right or missing. I have added users (or at least I think I have from an authentication point of view) with the username and password as the MAC of the clients to the local radius server, using command

ap(config-radsrv)#user xxx password xxx

But i do not understand how this links in with the client, basically how do I configure a client to attach using cckm, where do i put in a username and password for the network profile, if i pick leap, then I am prompted for the username/password, but what username/password is this, is it the username/password entered with

ap(config-radsrv)#user xxx password xxx

Any help would be much appreciated.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ahkal_cisco Wed, 07/09/2008 - 13:55


Thankyou for reading my Post, I have managed to work out how to configure my WDS with usernames and passwords, if anybody else is interested, this is what I did.

dot11 ssid fastroam

authentication open eap method_clients

authentication network-eap method_clients

authentication key-management wpa

(method_client is basically a list pointing with IP of server providing WDS/Radius)

Interface dot11radio 0

ssid fastroam

encryption mode ciphers tkip

no shut

To configure user/passowords

conf t

radius local-server

user testing password testing123

then on client


configure LEAP

user: testing

password: testing123



the client should now authenticate to AP/WDS.

The only thing I have not worked out yet is how to configure a backup WDS. nor do I quite understand which of the authentication methods the client is using when it succesfully connects.

Please can you advise: When you have a username/password on the radius server, does it mean that any/or all clients can use the same username/password.

or will the radius server detect that the login is already is use and prevent another attempt. reason behind my question is that if the username/password gets into the wrong hands.

Thanks and Regards


This Discussion



Trending Topics - Security & Network